How to find bugs or vulnerable on our web server

I shared my experience about the weakness of the web server spiritually, I have experienced sql injection on my server that makes someone can access the server and delete the data, I just assumed I was hit backdoor,
Well I try to find the gap in my web server using "OWASP ZAP"
And i found a sql injection gap in my own web server